Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Xoop

from [Josh Zlatin-Amishav] Network Security [Permanent Link]
Subject: Re: Xoop
Date: Thu, 31 Aug 2006 03:47:12 -0400 (EDT) 
On Wed, 30 Aug 2006, Vlad wrote:

Hello,
I am pen testing a site and I found that it is running Apache/2.0.52
(Unix) mod_ssl/2.0.52 OpenSSL/0.9.7g PHP/5.0.4 mod_jk2/2.0.2  and
Xoop(don't know what version yet) among other things. The core of the
functionality I am testing is related to Xoop.

I searched for bugs and all the other basic stuff.

I noticed something interesting:
https://www.AAAAAAAAAA.com/main/modules/mymenu/index.php?file=index.php
so I tried
https://www.AAAAAAAAAA.com/main/modules/mymenu/index.php?file=../../
And I get a 404 file not found instead of 403!
With the exception of a few default apache DIRs listing is disabled but
all I need is to navigate to a useful/interesting file.

Anyone have any tips about Xoop? 

Hi Vlad,
This is not Xoop specific, but do you have any indication if PHP's
open_basedir is enabled? In other words, have you tried requesting OS
related files? Another approach might be to try a remote file inclusion,
(as long as allow_url_fopen has not been disabled) this way you could create
a local shell. Of course if your looking for Xoops specific issues there
are always these:
http://osvdb.org/searchdb.php?action=search_title&vuln_title=xoops&Search=Search

--
 - Josh




--
Vlad G.

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.
Any review, retransmission, dissemination or other use of, or taking of
any action in reliance upon, this information by persons or entities other
than the intended recipient is prohibited.
If you received this in error, please contact the sender and delete the
material from any computer.


[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Xoop, Vlad
    • Re: Xoop, Josh Zlatin-Amishav <=
Previous by Date:  rewrite rule for apache, bituman
Next by Date:  OWASP Autumn Of Code 2006, Dinis Cruz
Previous by Thread:  Xoop, Vlad
Next by Thread:  Re: Xoop, Vlad
Indexes:  [Date] [Thread] [Top] [All Lists]